{"title":"Mitigating excessive vCPU spinning in VM-agnostic KVM","authors":"Ken-Ichi Ishiguro, Naoki Yasuno, Pierre-Louis Aublin, K. Kono","doi":"10.1145/3453933.3454020","DOIUrl":"https://doi.org/10.1145/3453933.3454020","url":null,"abstract":"In virtualized environments, oversubscribing virtual CPUs (vCPUs) on physical CPUs (pCPUs) is common to utilize CPU resources efficiently. Unfortunately, excessive vCPU spinning, which occurs when a vCPU is waiting in a spin loop for an event from a descheduled vCPU, causes serious performance degradation. Usually, the VM-agnostic hypervisor tries to prevent excessive vCPU spinning by rescheduling vCPUs when an excessive spin is detected by hardware support for virtualization. This paper investigates the effectiveness of KVM vCPU scheduler and shows it fails to avoid excessive vCPU spinning in many opportunities. Our in-depth analysis reveals simple modifications to KVM (41 LOC) improve the mitigation of excessive vCPU spinning. We have identified three problems: 1) scheduler mismatch, 2) lost opportunity, and 3) overboost. The first problem comes from the mismatch between the KVM vCPU scheduler and the Linux scheduler. The second and third problems come from an inefficient algorithm for choosing the next candidate vCPU to be scheduled. Our simple modifications gracefully resolve the problems and the performance improves by up to 80 %. 
Our results imply the VM-agnostic hypervisor can resolve excessive vCPU spinning more gracefully than previously believed.","PeriodicalId":322034,"journal":{"name":"Proceedings of the 17th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116858789","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"virtio-mem: paravirtualized memory hot(un)plug","authors":"David Hildenbrand, M. Schulz","doi":"10.1145/3453933.3454010","DOIUrl":"https://doi.org/10.1145/3453933.3454010","url":null,"abstract":"The ability to dynamically increase or reduce the amount of memory available to a virtual machine is getting increasingly important: as one example, cloud users want to dynamically adjust the memory assigned to their virtual machines to optimize costs. Traditional memory hot(un)plug, such as hot(un)plugging emulated DIMMs, and memory ballooning can dynamically resize virtual machine memory. However, existing approaches provide limited flexibility, are incompatible with important technologies like vNUMA and fast operating system reboots, or are unsuitable when hosting untrusted virtual machines. To overcome these limitations, we introduce virtio-mem, a VIRTIO-based paravirtualized memory device, designed for fine-grained, NUMA-aware memory hot(un)plug in cloud environments. To showcase the adaptions needed in a hypervisor and a guest operating system to support virtio-mem, we describe our implementation in the QEMU/KVM hypervisor and Linux guests. We evaluate virtio-mem against traditional memory hot(un)plug and memory ballooning, showing that our approach enables assignment of memory in substantially smaller granularity per NUMA node than traditional memory hot(un)plug, such as 4 MiB on x86-64. In contrast to memory ballooning, virtio-mem is fully NUMA-aware and supports fast operating system reboots by design, while guaranteeing that malicious virtual machines, which try using more memory than agreed upon, can be detected reliably. We conclude that using paravirtualized memory devices for dynamically resizing virtual machine memory significantly increases flexibility and usability compared to state-of-the-art. 
A first version of virtio-mem for x86-64 has been integrated into upstream Linux and QEMU.","PeriodicalId":322034,"journal":{"name":"Proceedings of the 17th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments","volume":"107 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122294075","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Spons & Shields: practical isolation for trusted execution","authors":"V. Sartakov, Dan O'Keeffe, D. Eyers, L. Vilanova, P. Pietzuch","doi":"10.1145/3453933.3454024","DOIUrl":"https://doi.org/10.1145/3453933.3454024","url":null,"abstract":"Trusted execution environments (TEEs) promise a cost-effective, “lift-and-shift” solution for deploying security-sensitive applications in untrusted clouds. For this, they must support rich, multi-component applications, but a large trusted computing base (TCB) inside the TEE risks that attackers can compromise application security. Fine-grained compartmentalisation can increase security through defense-in-depth, but current solutions either run all software components unprotected in the same TEE, lack efficient shared memory support, or isolate application processes using separate TEEs, impacting performance and compatibility. We describe the Spons & Shields framework (SSF) for Intel SGX TEEs, which offers intra-TEE compartmentalisation using two new abstractions, Spons and Shields. Spons and Shields generalise process, library and user/kernel isolation inside the TEE while allowing for efficient memory sharing. When users deploy unmodified multi-component applications in a TEE, SSF dynamically creates Spons (one per POSIX process or library) and Shields (to enforce a given security policy for memory accesses). Applications can be hardened with minor code changes, e.g., by using a separate Shield to isolate an SSL library. SSF uses compiler instrumentation to protect Shield boundaries, exploiting MPX instructions if available. 
We evaluate SSF using a complex application service (NGINX, PHP interpreter and PostgreSQL) and show that its overhead is comparable to process isolation.","PeriodicalId":322034,"journal":{"name":"Proceedings of the 17th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127617035","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analysis of NVMe-SSD to passthrough GPU data transfer in virtualized systems","authors":"Arunkumar Vediappan, Debadatta Mishra","doi":"10.1145/3453933.3454023","DOIUrl":"https://doi.org/10.1145/3453933.3454023","url":null,"abstract":"Non-volatile storage (NVM) technologies provide faster data access compared to traditional hard disk drives and can benefit applications executing on accelerators like general purpose graphics processing units (GPGPUs). Many contemporary GPU-friendly applications process huge volumes of data residing in the secondary storage. Several research works propose techniques to optimize data transfer overheads between devices connected to the same bus e.g., peer-to-peer data transfer between NVMe-SSD and GPU connected to a PCI bus. The applicability of these techniques, extent of their benefit and associated costs in virtualized systems is the scope of this paper. In this paper, we present a comprehensive empirical analysis of different combinations of NVMe-SSD virtualization techniques and data transfer mechanisms between NVMe-SSDs and GPUs. Further, the impact of different data transfer parameters and root-cause analysis of the resulting performance in terms of data transfer throughput and CPU utilization for different combinations of techniques is presented. 
Based on the empirical analysis, we provide insights to address several bottlenecks related to different GPU data transfer techniques in different virtualization setups and motivate an alternate design by extending the VirtIO framework for efficient peer-to-peer data transfer.","PeriodicalId":322034,"journal":{"name":"Proceedings of the 17th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117279264","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multiple-tasks on multiple-devices (MTMD): exploiting concurrency in heterogeneous managed runtimes","authors":"Michail Papadimitriou, Eleni Markou, J. Fumero, Athanasios Stratikopoulos, Florin Blanaru, Christos Kotselidis","doi":"10.1145/3453933.3454019","DOIUrl":"https://doi.org/10.1145/3453933.3454019","url":null,"abstract":"Modern commodity devices are nowadays equipped with a plethora of heterogeneous devices serving different purposes. Being able to exploit such heterogeneous hardware accelerators to their full potential is of paramount importance in the pursuit of higher performance and energy efficiency. Towards these objectives, the reduction of idle time of each device as well as the concurrent program execution across different accelerators can lead to better scalability within the computing platform. In this work, we propose a novel approach for enabling a Java-based heterogeneous managed runtime to automatically and efficiently deploy multiple tasks on multiple devices. We extend TornadoVM with parallel execution of bytecode interpreters to dynamically and concurrently manage and execute arbitrary tasks across multiple OpenCL-compatible devices. In addition, in order to achieve an efficient device-task allocation, we employ a machine learning approach with a multiple-classification architecture of Extra-Trees-Classifiers. Our proposed solution has been evaluated over a suite of 12 applications split into three different groups. 
Our experimental results showcase performance improvements up to 83% compared to all tasks running on the single best device, while reaching up to 91% of the oracle performance.","PeriodicalId":322034,"journal":{"name":"Proceedings of the 17th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116743484","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}